Replicated Audit Log

When an end customer uses a Viewer or Enterprise token to view logs directly from the Publisher API, the Replicated Audit Log will record the read event in your audit log.

You can configure these events with the optional view_log_action parameter when you create a new Viewer or Enterprise token through the Publisher API. The default action is “audit.log.view”. Viewer tokens also require an actor_id parameter at creation time, while Enterprise token audit events generate an actor.id from the token.

Viewer Example

Suppose a viewer token was created with group_id=example.com, [email protected] and action=viwer.view_logs. When the token is used, an event like this will be inserted into your audit log:

Viewer Enterprise Token Self-Management

Another instance where Viewers can perform actions bypassing your API is when creating, retrieiving, updating, or deleting their own Enterprise tokens. The API will add these events to your audit log on your behalf. Note that API does not insert audit events when Enterprise tokens are managed through the Publisher API, since you have the option of sending your own audit events for these actions.

An example of an event logged when a Viewer creates their own Enterpise token is: